Uploading logs manually for Shadow IT Discovery

You can preview the Forcepoint ONE SSE Shadow Reporting functionality by manually importing a log sample from my firewall. Once imported and fields matched, Forcepoint ONE SSE will reveal Shadow IT adoption and user behaviors for a point in time.

Steps

  1. On the Discovery Reports page, click New Log File import.
  2. On the New Log Import page, select the applicable vendor for the firewall/proxy logs.


  3. Choose the delimiter type the log file uses and then select Browse to search for the log file.

    Only compressed files (zip, gz, and so on) can be used for uploading logs with a maximum size of 500mb compressed. At a minimum, the log file should include Date, Time, Source IP and Destination IP. Logs including hostname, username, bytes uploaded and downloaded would generate a richer breach discovery report.

  4. Once the file is uploaded, a preview is available from the log file.
  5. Use the column attribute mapping table to map the columns from the preview to the associated attribute.
  6. If the date time format is incorrect, you can edit the field and select Other to enter the relevant format using directives in the help text.
  7. When all the required columns are mapped, click Upload for interpreting the file, the status will change to Pending.
    Once the report is available for viewing, the status will be updated to View Report.
  8. Click the View Report link view the ShadowIT report details.